Existing encrypted traffic analysis methods struggle to model multidimensional semantics and lack auditable reasoning processes, often producing only class labels without human-interpretable evidence. To address these limitations, this work introduces BGTD—the first byte-anchored multimodal benchmark—integrating raw traffic bytes with expert-provided structured annotations. Building upon this benchmark, the authors propose mmTraffic, an end-to-end framework that jointly optimizes a perception-cognition architecture by co-training a traffic encoder and a large language model (LLM) generator. This approach achieves classification accuracy on par with state-of-the-art models such as NetMamba while significantly mitigating modality interference and generation hallucinations. As a result, mmTraffic automatically produces high-fidelity, verifiable, and evidence-based natural language explanation reports.

Network traffic, as a key media format, is crucial for ensuring security and communications in modern internet infrastructure. While existing methods offer excellent performance, they face two key bottlenecks: (1) They fail to capture multidimensional semantics beyond unimodal sequence patterns. (2) Their black box property, i.e., providing only category labels, lacks an auditable reasoning process. We identify a key factor that existing network traffic datasets are primarily designed for classification and inherently lack rich semantic annotations, failing to generate human-readable evidence report. To address data scarcity, this paper proposes a Byte-Grounded Traffic Description (BGTD) benchmark for the first time, combining raw bytes with structured expert annotations. BGTD provides necessary behavioral features and verifiable chains of evidence for multimodal reasoning towards explainable encrypted traffic interpretation. Built upon BGTD, this paper proposes an end-to-end traffic-language representation framework (mmTraffic), a multimodal reasoning architecture bridging physical traffic encoding and semantic interpretation. In order to alleviate modality interference and generative hallucinations, mmTraffic adopts a jointly-optimized perception-cognition architecture. By incorporating a perception-centered traffic encoder and a cognition-centered LLM generator, mmTraffic achieves refined traffic interpretation with guaranteed category prediction. Extensive experiments demonstrate that mmTraffic autonomously generates high-fidelity, human-readable, and evidence-grounded traffic interpretation reports, while maintaining highly competitive classification accuracy comparing to specialized unimodal model (e.g., NetMamba). The source code is available at https://github.com/lgzhangzlg/Multimodal-Reasoning-with-LLM-for-Encrypted-Traffic-Interpretation-A-Benchmark